Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Talking Up Security

982 views

Published on

A presentation I gave to help security practitioners engage with executives.

Published in: Internet

Talking Up Security

  1. 1. Talking up security.Engaging with the board and executives.
  2. 2. Who are we talking to? Non-Executive Directors Board Member Fiduciary & Legal Duty Independent Constructive Challenge Not technical/security specialist Intelligent Experienced 20-40 Days a year Executive Director Board Member Fiduciary & Legal Duty Responsible for management and administration Not technical/security specialist Intelligent Experienced Full-Time Employee Senior Managers Not a Board Member Responsible for execution Unlikely to be technical/security specialist May have conflicting agenda Intelligent Full-Time Employee Collective Decisions & Responsibility
  3. 3. What do they want and need? Trust Confidence Protection of Data Protection of Brand Loss Avoidance Risk Exposure State of Compliance Peer Benchmarks
  4. 4. What do we want? Sponsorship Access Funding Resources Support Career Decisions Guidance Challenge Context
  5. 5. Formal Engagement Summary: One page only “speed read” Why they are seeing the paper? Articulate outcome State the objective Summarise key points Clear narrative Consider audience needs What do they know? What do they need to know? Avoid acronyms or jargon Short paragraphs Sub-Headings Format Length & Appendices Draft early Review, review, review Board Papers
  6. 6. Formal Engagement Presenting Identify & manage stakeholders Difficult conversations in advance Take paper as read 3 key messages Identify attendee biases Be ready for hard questions Be confident – you’re the expert! Management Information How can the board realistically respond to the data? Is the data relevant to a business goal? Goals / Questions / Metrics KRI / KCI / KPI Trends / %s
  7. 7. Informal Engagement Stories Positive for encouragement Negative for warning Be truthful, credible and candid Consider how the listener will relate to the story Embed vital information but keep it simple Have the numbers available Relate it to the business ‘Why’ over ‘what’ and ‘how’
  8. 8. Informal Engagement 1:2:1 Training Personal introduction Ask about their role Show an example Opportunity for ‘stupid’ questions
  9. 9. Dangerous Territory All Green all the time Red for effect Overconfidence Failure to deliver on time Disagreement in formal meetings Not knowing the detail
  10. 10. Thank you. phil@huggins.org.uk @oracuk blog.blackswansecurity.com

×